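// Vulnerability: path traversal (directory traversal).
// Example attack parameter: ../../../../usr/
// `img` comes straight from the query string, so it is attacker-controlled.
// Interpolated unchecked into `./imgs/${img}`, such a value climbs out of
// ./imgs and points the read at an arbitrary location on disk. The validation
// below rejects it before any file-system call is made.
/**
 * Read an image from ./imgs using the name supplied in the request query.
 *
 * NOTE(review): this calls `fs.readFileSync`, so it expects `fs` to be the
 * synchronous `node:fs` module. The `fs` bound further down this page is
 * `node:fs/promises`, which has no `readFileSync`; the two snippets look
 * independent, so confirm which binding is intended.
 *
 * @param {{ query: { img?: unknown } }} ctx - Request context; only `ctx.query.img` is read.
 * @returns {Buffer} Raw bytes of the requested file.
 * @throws {Error} With `status` 400 when `img` is not a non-empty string or
 *   contains a `..` path segment; file-system errors propagate unchanged.
 */
function getImg(ctx) {
    const { img } = ctx.query;

    // A repeated query parameter may arrive as an array and a missing one as
    // undefined; both would be stringified into the path by the template.
    const isUsableString = typeof img === 'string' && img.length > 0;

    // Split on both separators so the check also holds on Windows, where a
    // backslash is a path separator as well.
    const hasParentSegment =
        isUsableString && img.split(/[\\/]/).includes('..');

    if (!isUsableString || hasParentSegment) {
        // `status` lets HTTP frameworks that honour err.status answer 400
        // (presumably Koa, given ctx.query; confirm against the host app).
        throw Object.assign(new Error('Invalid image path'), { status: 400 });
    }

    // Lexical check only: a symlink placed inside ./imgs can still point
    // elsewhere. If that directory is not fully trusted, resolve the target
    // with fs.realpathSync and compare it against the base directory too.
    return fs.readFileSync(`./imgs/${img}`);
}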

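// Run with the Node.js Permission Model enabled. File-system, child-process and
// worker access is then denied unless explicitly granted (newer Node.js
// releases also accept the flag as --permission):
// node --experimental-permission index.js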
const fs = require('node:fs/promises');
/**
 * Read ./config/default.json as UTF-8 text and print it.
 *
 * Any failure (missing file, or a read refused because the process was
 * started under the Permission Model without a matching read grant) is caught
 * and printed instead of being rethrown, so the returned promise resolves
 * either way.
 *
 * @returns {Promise<void>}
 */
async function readFile() {
  const configPath = './config/default.json';
  const readOptions = { encoding: 'utf8' };
  try {
    console.log(await fs.readFile(configPath, readOptions));
  } catch (failure) {
    // Logged rather than thrown so the denial itself is visible in the demo.
    console.log(failure);
  }
}
// Kick off the demo read. The returned promise is not awaited; readFile()
// catches and logs its own errors, so a failed read does not reject it.
readFile();

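/*
Flags that grant capabilities back once the Permission Model is enabled.
Anything not granted stays denied, so pass the narrowest value that works:
--allow-fs-read=<paths>    file-system reads, limited to the listed paths
--allow-fs-write=<paths>   file-system writes, limited to the listed paths
--allow-child-process      spawning child processes
--allow-worker             creating worker threads
*/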